Nmap

Scan the standard ports (Nmap's default set) and run the default scripts and detection checks on them:

nmap -n -v -sT -A <IP or FQDN> -oN nmap

Get a full TCP scan:

nmap -n -v -sT -p- -Pn -A -T5 -sC <IP or FQDN> -oN nmap

Get a SYN scan:

<aside> ℹ️

The SYN scan sends a SYN packet (which is the first part of the TCP handshake sequence) to a port, and analyzes the response to determine whether the port is open, closed, or filtered.

</aside>

nmap -v -A -O -p- -T4 -Pn -sS -sC <IP or FQDN> -oN nmap

Get a stealth scan:

nmap -v -A -O -p- -T4 -Pn -sS -sC <IP or FQDN> -oN nmap --scan-delay 3s --max-parallelism 1
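
Seen from the defended network, the SYN scan described above leaves a recognizable trace: an open port's SYN/ACK is answered by a RST from the client instead of an ACK. The following is an added example, not part of the original notes; the simplified log format, the function names `classify` and `syn_scanners`, and the addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log: time src sport dst dport flags
SAMPLE = """\
0.0 10.0.0.5 40001 10.0.0.9 22 S
0.0 10.0.0.9 22 10.0.0.5 40001 SA
0.0 10.0.0.5 40001 10.0.0.9 22 R
3.0 10.0.0.5 40002 10.0.0.9 23 S
3.0 10.0.0.9 23 10.0.0.5 40002 RA
4.0 10.0.0.7 51000 10.0.0.9 80 S
4.0 10.0.0.9 80 10.0.0.7 51000 SA
4.0 10.0.0.7 51000 10.0.0.9 80 A
6.0 10.0.0.5 40003 10.0.0.9 25 S
9.0 10.0.0.5 40004 10.0.0.9 80 S
9.0 10.0.0.9 80 10.0.0.5 40004 SA
9.0 10.0.0.5 40004 10.0.0.9 80 R
"""

def classify(log):
    """Return {(client, server, port): outcome} for every client SYN in the log."""
    flows = {}  # (client, cport, server, sport) -> outcome
    for line in log.strip().splitlines():
        _, src, sport, dst, dport, flags = line.split()
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":
            flows[fwd] = "filtered"      # SYN sent, no reply seen (yet)
        elif rev in flows and flags == "SA":
            flows[rev] = "open"          # server answered with SYN/ACK
        elif rev in flows and "R" in flags:
            flows[rev] = "closed"        # server answered with RST
        elif fwd in flows and flows[fwd] == "open":
            # The client's next packet decides: ACK completes, RST abandons.
            flows[fwd] = "half-open" if "R" in flags else "completed"
    return {(c, s, p): o for (c, _, s, p), o in flows.items()}

def syn_scanners(log, min_ports=3):
    """Sources that probed >= min_ports distinct ports without completing a handshake."""
    probed = defaultdict(set)
    for (src, dst, port), outcome in classify(log).items():
        if outcome != "completed":
            probed[src].add((dst, port))
    return sorted(s for s, ports in probed.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    print(classify(SAMPLE))
    print(syn_scanners(SAMPLE))
```

The count is taken over the whole log rather than per time window, so probes spaced seconds apart (as with `--scan-delay 3s`) still add up against the same source.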

AutoRecon - by Tib3rius

Tib3rius/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Ports

SSH - Port 22

FTP - Port 21

DNS - Port 53

HTTP/S - Port 80/443

KERBEROS - Port 88

LDAP - Port 389